project-health-auditor
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development and auditing commands, including
cloc,npm audit,npm outdated, andpytest. These operations are well-aligned with the skill's stated purpose of auditing project health. - [DATA_EXFILTRATION]: The skill includes instructions to search for potential secrets (e.g., passwords, API keys, and tokens) within the codebase using
grep. This is a legitimate diagnostic function for a security audit tool, and no instructions to exfiltrate or transmit discovered data were found. - [PROMPT_INJECTION]: As the skill processes external codebase content (e.g., reading files and tool outputs), it is theoretically susceptible to indirect prompt injection where malicious content in comments or strings could influence the agent's report. However, this is a standard risk for any tool that interprets untrusted code and is not a flaw in the skill's own logic.
Audit Metadata